ISHACK AI BOT

Red Hat: CVE-2023-27535: FTP too eager connection reuse (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 03/30/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. Solution(s) redhat-upgrade-curl redhat-upgrade-curl-debuginfo redhat-upgrade-curl-debugsource redhat-upgrade-curl-minimal redhat-upgrade-curl-minimal-debuginfo redhat-upgrade-libcurl redhat-upgrade-libcurl-debuginfo redhat-upgrade-libcurl-devel redhat-upgrade-libcurl-minimal redhat-upgrade-libcurl-minimal-debuginfo References CVE-2023-27535 RHSA-2023:2650 RHSA-2023:3106 RHSA-2024:0428

Huawei EulerOS: CVE-2023-1393: xorg-x11-server security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 07/17/2024 Added 07/17/2024 Modified 01/28/2025 Description A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. Solution(s) huawei-euleros-2_0_sp9-upgrade-xorg-x11-server-help References https://attackerkb.com/topics/cve-2023-1393 CVE - 2023-1393 EulerOS-SA-2024-1979

IBM AIX: curl_advisory2 (CVE-2023-27538): Security vulnerabilities in cURL for AIX Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 03/30/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. Solution(s) ibm-aix-curl_advisory2 References https://attackerkb.com/topics/cve-2023-27538 CVE - 2023-27538 https://aix.software.ibm.com/aix/efixes/security/curl_advisory2.asc

Huawei EulerOS: CVE-2023-1393: xorg-x11-server security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. Solution(s) huawei-euleros-2_0_sp11-upgrade-xorg-x11-server-help References https://attackerkb.com/topics/cve-2023-1393 CVE - 2023-1393 EulerOS-SA-2023-2715

Amazon Linux AMI 2: CVE-2023-27533: Security patch for curl (ALAS-2023-2070) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/30/2023 Created 06/08/2023 Added 06/08/2023 Modified 01/30/2025 Description A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. Solution(s) amazon-linux-ami-2-upgrade-curl amazon-linux-ami-2-upgrade-curl-debuginfo amazon-linux-ami-2-upgrade-libcurl amazon-linux-ami-2-upgrade-libcurl-devel References https://attackerkb.com/topics/cve-2023-27533 AL2/ALAS-2023-2070 CVE - 2023-27533

Amazon Linux AMI 2: CVE-2023-27538: Security patch for curl (ALAS-2023-2070) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 03/30/2023 Created 06/08/2023 Added 06/08/2023 Modified 01/28/2025 Description An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. Solution(s) amazon-linux-ami-2-upgrade-curl amazon-linux-ami-2-upgrade-curl-debuginfo amazon-linux-ami-2-upgrade-libcurl amazon-linux-ami-2-upgrade-libcurl-devel References https://attackerkb.com/topics/cve-2023-27538 AL2/ALAS-2023-2070 CVE - 2023-27538

Debian: CVE-2023-25076: sniproxy -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/30/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/28/2025 Description A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. Solution(s) debian-upgrade-sniproxy References https://attackerkb.com/topics/cve-2023-25076 CVE - 2023-25076 DLA-3406-1

Debian: CVE-2022-4744: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/28/2025 Description A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2022-4744 CVE - 2022-4744 DLA-3403-1

Ubuntu: USN-6148-1 (CVE-2023-25076): SNI Proxy vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/30/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability. Solution(s) ubuntu-pro-upgrade-sniproxy References https://attackerkb.com/topics/cve-2023-25076 CVE - 2023-25076 USN-6148-1

Red Hat: CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Local Privilege Escalation Vulnerability (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. Solution(s) redhat-upgrade-tigervnc redhat-upgrade-tigervnc-debuginfo redhat-upgrade-tigervnc-debugsource redhat-upgrade-tigervnc-icons redhat-upgrade-tigervnc-license redhat-upgrade-tigervnc-selinux redhat-upgrade-tigervnc-server redhat-upgrade-tigervnc-server-applet redhat-upgrade-tigervnc-server-debuginfo redhat-upgrade-tigervnc-server-minimal redhat-upgrade-tigervnc-server-minimal-debuginfo redhat-upgrade-tigervnc-server-module redhat-upgrade-tigervnc-server-module-debuginfo redhat-upgrade-xorg-x11-server-common redhat-upgrade-xorg-x11-server-debuginfo redhat-upgrade-xorg-x11-server-debugsource redhat-upgrade-xorg-x11-server-devel redhat-upgrade-xorg-x11-server-source redhat-upgrade-xorg-x11-server-xdmx redhat-upgrade-xorg-x11-server-xdmx-debuginfo redhat-upgrade-xorg-x11-server-xephyr redhat-upgrade-xorg-x11-server-xephyr-debuginfo redhat-upgrade-xorg-x11-server-xnest redhat-upgrade-xorg-x11-server-xnest-debuginfo redhat-upgrade-xorg-x11-server-xorg redhat-upgrade-xorg-x11-server-xorg-debuginfo redhat-upgrade-xorg-x11-server-xvfb redhat-upgrade-xorg-x11-server-xvfb-debuginfo redhat-upgrade-xorg-x11-server-xwayland redhat-upgrade-xorg-x11-server-xwayland-debuginfo redhat-upgrade-xorg-x11-server-xwayland-debugsource References CVE-2023-1393 RHSA-2023:1548 RHSA-2023:1551 RHSA-2023:1592 RHSA-2023:1594 RHSA-2023:1598 RHSA-2023:1599 RHSA-2023:6340 RHSA-2023:6341 RHSA-2023:6916 RHSA-2023:6917 View more

VMware Photon OS: CVE-2023-1670 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-1670 CVE - 2023-1670

VMware Photon OS: CVE-2022-4744 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-4744 CVE - 2022-4744

Aruba AOS-8: CVE-2022-47522: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 03/30/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description The paper specifically mentions certain Aruba WLAN products running ArubaOS version 8.4.0.0 as affected. After further investigation, Aruba separates the vulnerabilities described in the paper in the following 3 scenarios: 1) Exploiting Power Save Features: No Aruba Products are vulnerable to this scenario. 2) Security Context Override (SCO): All versions of the Aruba products listed under the Affected Products section are vulnerable to this attack. An attacker needs to be authenticated to the Wi-Fi network using valid credentials before being able to carry out the attack. This would imply that the vulnerability requires an insider threat to be exploited. Data encryption such as TLS prevents the disclosure of sensitive information or allowing an attacker to steal the victims session. 3) Fast Reconnect Attack: The following Aruba products and versions are affected: - ArubaOS Wi-Fi Controllers and Campus/ Remote Access Points - 8.9.0.3 and below - 8.6.0.20 and below - Aruba InstantOS / Aruba Access Points running ArubaOS 10 - 10.3.1.0 and below - 8.9.0.3 and below - 8.8.0.3 and below - 8.7.1.11 and below - 8.6.0.18 and below - 6.5.4.23 and below - 6.4.4.8-4.2.4.20 and below - Aruba Instant On Access Points - 2.8 and below The published paper can be found at https://papers.mathyvanhoef.com/usenix2023-wifi.pdf Solution(s) aruba-aos-8-cve-2022-47522 References https://attackerkb.com/topics/cve-2022-47522 CVE - 2022-47522 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-005.json

SUSE: CVE-2023-1670: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-ec2 suse-upgrade-kernel-ec2-base suse-upgrade-kernel-ec2-devel suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-trace suse-upgrade-kernel-trace-base suse-upgrade-kernel-trace-devel suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-xen suse-upgrade-kernel-xen-base suse-upgrade-kernel-xen-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-1670 CVE - 2023-1670

IBM AIX: curl_advisory2 (CVE-2023-27536): Security vulnerabilities in cURL for AIX Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 03/30/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. Solution(s) ibm-aix-curl_advisory2 References https://attackerkb.com/topics/cve-2023-27536 CVE - 2023-27536 https://aix.software.ibm.com/aix/efixes/security/curl_advisory2.asc

IBM AIX: curl_advisory2 (CVE-2023-27533): Security vulnerabilities in cURL for AIX Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/30/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/30/2025 Description A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. Solution(s) ibm-aix-curl_advisory2 References https://attackerkb.com/topics/cve-2023-27533 CVE - 2023-27533 https://aix.software.ibm.com/aix/efixes/security/curl_advisory2.asc

IBM AIX: curl_advisory2 (CVE-2023-27534): Security vulnerabilities in cURL for AIX Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/30/2025 Description A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Solution(s) ibm-aix-curl_advisory2 References https://attackerkb.com/topics/cve-2023-27534 CVE - 2023-27534 https://aix.software.ibm.com/aix/efixes/security/curl_advisory2.asc

Debian: CVE-2023-27534: curl -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 03/19/2024 Added 03/18/2024 Modified 01/30/2025 Description A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Solution(s) debian-upgrade-curl References https://attackerkb.com/topics/cve-2023-27534 CVE - 2023-27534 DLA-3763-1

Debian: CVE-2023-27538: curl -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 03/30/2023 Created 05/05/2023 Added 04/24/2023 Modified 01/28/2025 Description An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. Solution(s) debian-upgrade-curl References https://attackerkb.com/topics/cve-2023-27538 CVE - 2023-27538 DLA-3398-1

Debian: CVE-2023-27537: curl -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 03/30/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free. Solution(s) debian-upgrade-curl References https://attackerkb.com/topics/cve-2023-27537 CVE - 2023-27537

Debian: CVE-2023-27535: curl -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 03/30/2023 Created 05/05/2023 Added 04/24/2023 Modified 01/28/2025 Description An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. Solution(s) debian-upgrade-curl References https://attackerkb.com/topics/cve-2023-27535 CVE - 2023-27535 DLA-3398-1

Debian: CVE-2023-27533: curl -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/30/2023 Created 05/05/2023 Added 04/24/2023 Modified 01/30/2025 Description A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. Solution(s) debian-upgrade-curl References https://attackerkb.com/topics/cve-2023-27533 CVE - 2023-27533 DLA-3398-1

Alpine Linux: CVE-2023-27534: Path Traversal Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 03/30/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Solution(s) alpine-linux-upgrade-curl References https://attackerkb.com/topics/cve-2023-27534 CVE - 2023-27534 https://security.alpinelinux.org/vuln/CVE-2023-27534

Alpine Linux: CVE-2023-27536: Improper Authentication Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 03/30/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. Solution(s) alpine-linux-upgrade-curl References https://attackerkb.com/topics/cve-2023-27536 CVE - 2023-27536 https://security.alpinelinux.org/vuln/CVE-2023-27536

Huawei EulerOS: CVE-2023-27535: curl security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 03/30/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. Solution(s) huawei-euleros-2_0_sp11-upgrade-curl huawei-euleros-2_0_sp11-upgrade-libcurl References https://attackerkb.com/topics/cve-2023-27535 CVE - 2023-27535 EulerOS-SA-2023-2677